Our cyber security research has identified some significant highlights, which are worth considering before deciding how to approach customer and regulator demands for enhanced cyber-security:

  • There is a huge threat to your business from organised crime syndicates that distribute ransomware and other cyber-attack capabilities; this threat is increasing year-on-year and is almost impossible to eliminate with any realistic assurance
  • The only practical approach is to make cyber-attacks harder, more time consuming and more costly, in the hope that the attackers will target someone else, instead of you
  • There is government published guidance, such as the NCSC Small Business Guide, and there are government approved accreditation schemes, such as Cyber Essentials
  • However, the recommendations can be difficult, time consuming and expensive to implement, which is mainly down to the cultural changes required within the business
  • Surprisingly, it is much more cost-efficient to implement an extreme cyber security system that is Secure by Default and was created based on NCSC Secure Design Principles
  • Complexity and variation in your business systems reduce productivity, and increase the time and money needed to secure a business, so having one holistic system is always better
  • Flexibility for each user to select their own preferred tools is nice, but extremely expensive once you take account of the real cost of making those tools secure, so think about the costs
  • However, it is important to involve all stakeholders and business users in the selection and configuration of an appropriate system, because cultural changes are also critical to success
  • Involving the business owners and principal officers is particularly critical, and failing to get their support will have a disproportionate impact on both system cost and effectiveness
  • One of the most effective techniques for deterring cyber-attacks is to reduce the amount of data that any individual user can access without being subject to invasive security checks
  • System administrators are one of the most serious security risks in any business, despite being selected for their trustworthiness, because they have access to too much data
  • End-to-end encryption is internationally recognised across the cyber security community for reducing the amount of sensitive information disclosed by successful attacks, and potentially eliminating the risk posed by attacks on suppliers
  • However, end-to-end encryption systems are still vulnerable to attacks on individual users and user devices, and potentially some servers, so it is absolutely critical that you manage the amount of sensitive information that could be exposed by such attacks
  • User devices are also potentially vulnerable to a whole variety of cyber-attacks, and can be used to steal any data accessed by authorised users or modify any data created by them, regardless of the security controls on authorised access
  • Security hardening of user devices can be critical for some businesses, but there are still risks of external surveillance and tampering, which are difficult to eliminate
  • Attacks on the supply chain of your end-to-end encryption provider can potentially bypass all of your security, so it is essential that your suppliers implement extensive security controls to mitigate attacks and reduce the potential impact
